Skip to main content
search
All Posts By

Shane Coughlan

Shane Coughlan is an expert in communication, security and business development. His professional accomplishments include spearheading the licensing team that elevated Open Invention Network into the largest patent non-aggression community in history, establishing the leading professional network of Open Source legal experts and aligning stakeholders to launch both the first law journal and the first law book dedicated to Open Source. Shane has extensive knowledge of Open Source governance, internal process development, supply chain management and community building. His experience includes engagement with the enterprise, embedded, mobile and automotive industries.

Jan 18
Love0

COMING SOON: OpenChain webinar on a single open source stack for open source compliance and security – 2025-01-20 @ 08:00 UTC

By News

What We Will Cover:

CRA is coming. And this European regulation will impact software development worldwide. Organizations (and projects) of all sizes need efficient compliance processes to correctly identify software components and strengthen cybersecurity efforts.

The AboutCode stack of 100% open source tools and open data is engineered to automate compliance, with a practical approach. Tools like ScanCode and DejaCode paired with aggregated open databases like PurlDB and VulnerableCode ensure accurate origin, licensing, vulnerability detection, and comprehensive SBOM management. Newer projects like Massive FOSS Scan, CRAVEX, and AI-Generated Code Search deliver new performance improvements and advanced capabilities to improve the automation of compliance processes.

In this presentation, AboutCode lead maintainer Philippe Ombredanne will share the latest updates on how to use the AboutCode stack for better, faster, and more efficient license and security compliance automation.

How To Join:

or

  • One tap mobile:
    • US (iOS): +12532158782,,92010703079#,,,,209683#
    • US (Android): +12532158782;92010703079#;209683#

or

  • International numbers: https://zoom.us/u/alwnPIaVT

Meeting ID: 92010703079
Meeting Passcode: 209683

Check Out The Rest Of Our Webinars

Jan 17
Love0

RECORDING: OpenChain Monthly Specification and Education Call (Europe – Asia) – 2025-01-15

By News

Our second meeting of the Specification and Education Work Groups was a Europe and Asia call.

Check out the Meeting Slides:

Watch the Recording:

Specification Work Group:

We covered:

  1. The end of the comment period for proposed updates to ISO/IEC 5230 and ISO/IEC 18974 (2024-06-19 ~ Ending 2024-12-19) [1]
  2. What happens next in the three-month Freeze Period [2]
  3. What to expect from the Steering Committee meeting to review the Specification Drafts on 2025-02-03 adjacent to the Q1 2025 Governing Board Meeting in Brussels
  4. What is happening with the separate ISO/IEC 5230 periodic review at ISO as it reaches five years of age, and what to expect next
[1] https://hubs.la/Q031H2V_0
[2] https://hubs.la/Q031H12h0

Education Work Group:

We covered:

  1. What happens next with the OpenChain Explainer Series – Documents (Release) and Videos (Beta) [3]
  2. The status of the Capability Model and what to expect next [4]
  3. A proposal to consider where we can go with online training for ISO/IEC 5230 (LFC 193 and LFC 194 refresh with LF Training?) and ISO/IEC 18974 (New LFC courses with LF Training?)
[3] https://hubs.la/Q031H0dQ0 (YouTube: https://tinyurl.com/5n7bja9d)
[4] https://tinyurl.com/358s8smy

Other Items:

A note on the timing of the call, and sustainability:

This call takes place between 01:30 and 02:30 in Japan to allow North American and European participants to collaborate. However, this makes it difficult for the General Manager to attend. There is a request to action one of two things:

  1. Move the meeting to a North America / Asia schedule, complementary with the other OpenChain Monthly Specification and Education Call (Europe / Asia) on 3rd Wednesdays or
  2. A community volunteer to run the meeting on a regular basis

Issue to be discussed further.

Coming Next:

We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Jan 17
Love0

RECORDING: OpenChain AI Work Group – Monthly Workshop for North America and Europe – 2025-01-14

By News

We held the first monthly workshop for the OpenChain AI Work Group in 2025. It was a two-hour session to allow topics related to AI compliance to be discussed, explored and defined. The key focus for the Work Group is to develop and finalize a Guide to AI Bill of Material Compliance in the Supply Chain, and there is active drafting going on during each meeting.

Full Recording:

The Draft Guide:

https://docs.google.com/document/d/1g1kdmx1bDlQ0feSeW-ZY5JRFAF-HC30a/edit

Track This Work:

You can follow and contribute to the work of the OpenChain AI Work Group through its dedicated mailing list. This is open to everyone regardless of industry vertical or speciality. You will find it here:

Attend Future Meetings:

You can find and get the dial-in details for all future AI Work Group meetings from our participate page here:

Jan 10
Love0

RECORDING: OpenChain Monthly Specification and Education Call (North America and Europe) – 2025-01-08

By News

Our first meeting of the Specification and Education Work Groups started with a North America and Europe call.

Check out the Meeting Slides:

Watch the Recording:

Specification Work Group:

We covered:

  1. The end of the comment period for proposed updates to ISO/IEC 5230 and ISO/IEC 18974 (2024-06-19 ~ Ending 2024-12-19) [1]
  2. What happens next in the three-month Freeze Period [2]
  3. What to expect from the Steering Committee meeting to review the Specification Drafts on 2025-02-03 adjacent to the Q1 2025 Governing Board Meeting in Brussels
  4. What is happening with the separate ISO/IEC 5230 periodic review at ISO as it reaches five years of age, and what to expect next
[1] https://hubs.la/Q031H2V_0
[2] https://hubs.la/Q031H12h0

Education Work Group:

We covered:

  1. What happens next with the OpenChain Explainer Series – Documents (Release) and Videos (Beta) [3]
  2. The status of the Capability Model and what to expect next [4]
  3. A proposal to consider where we can go with online training for ISO/IEC 5230 (LFC 193 and LFC 194 refresh with LF Training?) and ISO/IEC 18974 (New LFC courses with LF Training?)
[3] https://hubs.la/Q031H0dQ0 (YouTube: https://tinyurl.com/5n7bja9d)
[4] https://tinyurl.com/358s8smy

Other Items:

A note on the timing of the call, and sustainability:

This call takes place between 01:30 and 02:30 in Japan to allow North American and European participants to collaborate. However, this makes it difficult for the General Manager to attend. There is a request to action one of two things:

  1. Move the meeting to a North America / Asia schedule, complementary with the other OpenChain Monthly Specification and Education Call (Europe / Asia) on 3rd Wednesdays or
  2. A community volunteer to run the meeting on a regular basis

Issue to be discussed further.

Coming Next:

We will be following up on the activities outlined above on the mailing lists, and we will continue our regular series of calls and meetings throughout the year.

Join Our Work:

Everyone is welcome to be part of the Specification Work Group. You can join their mailing list here:
https://lists.openchainproject.org/g/specification/

You can find and be part of all OpenChain calls through our participation page here:
https://openchainproject.org/participate

Dec 20
Love0

AVL List GmbH Announces an ISO/IEC 5230 Conformant Program

By Featured, News

AVL List GmbH has announced an ISO/IEC 5230 conformant program.

About AVL

AVL is a world-leading technology company specialising in development, simulation and testing in the automotive industry and other sectors such as rail, marine and energy. Through extensive research, AVL delivers concepts, technology solutions, methodologies and development tools for sustainable, safe and advanced mobility and beyond.

AVL supports international partners and customers in sustainable and digital transformation, with a focus on electrification, software, AI and automation. AVL also supports companies in energy-intensive sectors on their way to green and efficient energy generation and supply.

For more information: www.avl.com

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Dec 20
Love0

ETRI Recertification of ISO/IEC 5230

By Featured, News

The Electronics and Telecommunications Research Institute of South Korea (ETRI) has announced recertification of their ISO/IEC 5230 conformant program. Learn about their original ISO/IEC 5230 conformance on our previous blog post.

ETRI is a global information and communication technology (ICT) research institute under the Ministry of Science and ICT. It has led the growth of the information and communication industry in Korea for 45 years. The research institute is working to realize the concept of ‘Korea, an AI powerhouse’ with a vision of “a national intelligence research institute that creates a future society.” ETRI has been conducting open source verification as a software quality management since 2008, and established the Open Source Center as an enterprise-wide organization to support open source R&D activities, governance and compliance in 2017.

“We are delighted to have ETRI underscore their commitment to our standardization approach and the development of a more trusted open source supply chain,” says Shane Coughlan, OpenChain General Manager. “We will continue to work together in Korea and beyond to help educate, inform and inspire others in our field.”

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Dec 20
Love0

OpenChain Webinar: DeviceCode – A Crowdsourced Device Data Parser

By automation, News, security, Webinar

When walking into a shop, there’s a lot of choice for electronic devices like WiFi routers, IP cameras, and more. Many devices are identical, or nearly so, as they come from the same manufacturer or use the same chip and code from the chipset manufacturer.

CVEs, however, often focus on individual devices rather than classes of similar devices, leaving many vulnerable ones unreported. For example, CVE-2006-2560 and CVE-2006-2561 describe the same vulnerability on devices from different vendors—likely from the same ODM. Many more devices with the same vulnerabilities are overlooked, possibly giving a false sense that only the listed devices are at risk.

Information about device hardware, such as the ODM or chipset used, isn’t easily accessible, as companies rarely disclose this. Fortunately, a wealth of data has been crowd-sourced globally via various wikis. However, this information is hard to reuse outside those specific platforms.

This is where DeviceCode comes in: it unlocks and cleans data from various wikis (as not all users input data correctly or consistently) and integrates it with other sources. This makes it possible to query by chipset, manufacturer, ODM, and even installed software. It helps answer questions like, “Which other devices are similar to a known vulnerable device?” enabling security researchers to identify additional vulnerable devices.

Watch The Webinar

About Our Speaker

Armijn Hemel, MSc, is the owner of Tjaldur Software Governance Solutions, a consultancy specializing in open-source license compliance engineering and provenance research.

More About Our Webinars:

This event is part of the overarching OpenChain Project Webinar Series. Our series highlights knowledge from throughout the global OpenChain eco-system. Participants are discussing approaches, processes and activities from their experience, providing a free service to increase shared knowledge in the supply chain. Our goal, as always, is to increase trust and therefore efficiency. No registration or costs involved. This is user companies producing great informative content for their peers.

Check Out The Rest Of Our Webinars

This OpenChain Webinar was broadcast on 2024-12-19.

Dec 17
Love0

2024 Recap – Open Source and IP Departments: Risk Containment and Portfolio Management – Open Source Summit Europe – Full Recording

By News

About The Speech:

Product teams, R&D teams and OSPOs occasionally find themselves in an adversarial situation with IP Departments around open source and how it should be managed in an organization. This is usually due to misunderstandings about how open source provides value and how the risks associated with it can be contained. With open source increasingly necessary for organizations to compete effectively, it is important to ensure all departments understand its strategic importance, and how to manage it in the context of their KPIs and requirements. This talk will explain how to collaborate with IP Departments using the language of external risk containment and internal portfolio management, and help IP Department staff assess open source as part of a diversified IPR strategy.

Watch The Recording:

Dec 16
Love0

2024 Recap – Creating Standards – From Writing a Spec to Obtaining ISO Status – Open Source Summit Europe – Full Recording

By News

About The Speech:

This talk will explain the process of going from a blank page to an ISO standard using OpenChain ISO/IEC 5230:2020 as a case study. It will explain how the OpenChain specification team came together, how they created the first iterations of what would become ISO/IEC 5230, and how they collaborated with Joint Development Foundation (JDF) to evolve from de-facto industry standard into formal international standard through the JTC-1 PAS Transposition Process. Attendees will learn how to frame, build and deploy their own specifications and standards, with a particular focus on the practical decisions required: should this be a specification, should it be an ISO standard and what do I need to do to make this happen?

Watch The Recording:

Dec 13
Love0

Honda Joins The OpenChain Project As A Platinum Member

By Featured, News

Honda is the latest company to join the OpenChain Project as a Platinum Member and to take a seat at the Governing Board and Steering Committee. This builds on their engagement with the OpenChain Project in adopting ISO/IEC 5230 and ISO/IEC 18974.

“Joining the OpenChain Project board is an example of how Honda takes a leadership position in managing open source,” says Yuichi Kusakabe, IVI software PF and OSPO Tech Lead at Honda. 

“Honda is an exceptional company in the management of large, complex supply chains,” says Shane Coughlan, OpenChain General Manager. “Today’s announcement underlines their commitment to developing excellence in open source, and in building trusted supply chains. The OpenChain Project Governing Board is delighted to formally welcome them, and looks forward to doing great things together in 2025.”

About Honda

Honda is a mobility company powered by everyone’s dreams, creating mobility that helps and inspires people, in a wide range of fields such including motorcycles, automobiles, power products and aircraft.

About the OpenChain Project

The OpenChain Project has an extensive global community of over 1,000 companies collaborating to make the supply chain quicker, more effective and more efficient. It maintains OpenChain ISO/IEC 5230, the international standard for open source license compliance programs and OpenChain ISO/IEC 18974, the industry standard for open source security assurance programs.

About The Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Close Menu